We are infected with ransomware Petya.a
Please help us to track the same. We have disconnected LAN.
Please share the precautions.
Symantec researchers have confirmed that the Petya ransomware is behind the attack, gaining entry into network via email using Office flaw CVE-2017-0199, then spreads via the EternalBlue exploit -- the same exploit that WannaCry utilized.
So a good place to start is to patch against these two.
Where do you see it stated that CVE-2017-0199 is the initial exploit vector?
It came from: WannaCry Déjà Vu: Petya Ransomware Outbreak Wreaking Havoc Across the Globe
However, the article indicates the exact vectors are unknown -- sorry, I should have noted that in my original post.
We are working on an official blog post that will give our full analysis and recommendations.
The blog post is published: Petya Ransomware: What You Need to Know